NFS client policy

From Securewiki

SDSC NFS Client Policy

Date: 1996/03/05 20:16:31

Overview

The San Diego Supercomputer Center Desktop Systems group maintains NFS servers, which provide a safe, stable, storage area for user programs and data.

These servers make files available via the Network File System (NFS) protocol. Filesystems (collections of files) are "exported" from these file servers to properly-authorized "NFS client" computers at the Center. At the present time, only the NFS version 2 protocol is fully supported.

Because these filesystems may be modified from the NFS clients, the security of the files contained in the NFS servers is dependent on the security of the individual NFS clients.

Requirements for NFS clients

Administrators of hosts with NFS client privileges must ensure that such hosts comply with the following NFS client policy. Hosts that have been granted NFS client access, and are subsequently found to violate this policy, are subject to having their access revoked.

(Most NFS clients are administered by the Desktop Systems group, which is bound by this policy, the same as for NFS clients administered by other people, projects or groups.)

Requirements:

NFS client configuration inspection:

Any host with NFS client access must allow inspection of its configuration by the Workstations Services and/or Engineering, Networking and Security groups at all times while it is connected to the SDSC network. As a practical matter, this requires that qualified system administrators from these groups have privileged accounts on NFS clients.

NFS clients must authenticate their users:

Any NFS client must have some way to authenticate users by a login account, with a password (or eqiuvalent) before allowing access to NFS-mounted filesystems. Note: The "pcnfsd" mechanism is NOT user authentication.

NFS clients must use the SDSC user id (UID) and group id (GID) assignments:

Any NFS client must assign NFS UID and GID values consistently with the SDSC standard assignments. This requires that a user who is authenticated via a user name have NFS request packets sent with the corresponding UID and GID for that user, as listed in the SDSC password and group files.

NFS clients must be capable of protecting the NFS file handles:

The NFS file handles are the "keys" to the served filesystem. In many cases, any person or computer with the file handles can access any file on the exported filesystem. Therefore these "keys" must be protected by the client. This is usually done by keeping the file handles stored in the operating system kernel. The file handles must be held by some non-user-mode software so they are not available to the users of the system.

UDP checksums:

All NFS clients must have UDP checksums enabled.

Unmounting file systems:

All NFS clients must explicitly unmount any NFS-mounted file systems before shutting down, or before disconnecting from the network.